Snort mailing list archives
Re: [Looking for] Open source reporting tool
From: Michael Boman <michael.boman () securecirt com>
Date: Mon, 02 Feb 2004 13:42:39 +0800
On Mon, 2004-02-02 at 12:24, Aaron wrote:
For those playing the drinking game, please take a swig ahead of time for me. For myself and anyone technical ACID is more than enough to generate the data that is needed. For upper management and end users (customers) however, a much prettier and more generic tool is needed. I have not found anything opensource that makes dumbified pretty reports with statistical graphs, pie charts and etc... Yes, I know ACID sortof does this with JPGraph. Well, not really. I also found a few things that generate html reports from the alert log. I dont keep the alert log. All the data is in the snort database. My company will not use snort unless they can see pretty graphs with breakouts of all the attacks. We used to use Crystal Reports against ISS RealSecure, however both products are no longer supported internally in order to cut costs. I am not complaining, as they are finally adopting and using open source software. You have no idea what a strange warm and fuzzy feeling that is. Maybe it was the rum. If you know of a tool that can generate from the database useful information in the form of detailed graphs (with links to the technical data), pie charts and everything that management and end users would like to see, then please let me know.
Snort Report maybe? http://www.circuitsmaximus.com/
Something that would be even better, would be a tool that could do all previously mentioned things and can be configured to only give data for a specific subnet or subnets, depending on who is browsing it. (Different configs in diff dirs, or username==, etc...)
Snort Report with some patching? I am sure the author/maintainer of the software are willing to help as well, but probably for a small fee.
P.S. - This tool would have to sift through data collected on circuits pushing 500MB each... several of them... and they are external... No I am not smoking anything.
Are you sure about that? Anyway, haven't run Snort Report on anything of that size, but I guess you will find out how well it handles it (or not). PS I have no association with the Snort Report guys what-so-ever, not even using their software. I tried it once, and maybe it will match (some) of your requirements. DS Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT Pte Ltd http://www.securecirt.com
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- [Looking for] Open source reporting tool Aaron (Feb 01)
- Re: [Looking for] Open source reporting tool Michael Boman (Feb 01)
- <Possible follow-ups>
- Re: [Looking for] Open source reporting tool Aaron (Feb 02)